<?php

/**
 * implement access controller list interface
 */
class Core_Api_Acl
{
    /**
     * @property Core_Model_Db_Table_Acl
     */
    protected $_table = null;

    /**
     * @return Core_Model_Db_Table_Acl
     */
    protected function _getTable()
    {
        if ($this -> _table == null)
        {
            $this -> _table = new Core_Model_DbTable_Acl;
        }
        return $this -> _table;
    }

    /**
     * check permission of $subject for $action_id
     * @param User_Model_User $subject  Object User #1
     * @param string $action id ect: core.admin, user.upload
     * @return TRUE|FALSE return false if accept, deny
     */
    public function allow($action_id, $subject = null)
    {
        if ($subject == NULL)
        {
            $subject = Nuo::getViewer();
        }

        $subject_id = 'role:' . $subject -> getRoleId();

        $table = $this -> _getTable();

        $select = $table -> select() -> where('object_id=?', $subject_id) -> where('action_id=?', $action_id);

        $row = $table -> fetchRow($select);

        if (is_object($row) && $row -> allow == 1)
        {
            return true;
        }

        return false;
    }

}
